$OpenBSD: patch-master_c,v 1.2 2012/07/18 11:15:30 jasper Exp $

Last chunk:
Security fix for CVE-2012-3368
Memory portion (random stack data) disclosure to the client by unclean client disconnect 

Patch from upstream CVS.

--- master.c.orig	Thu Jan 31 06:59:54 2008
+++ master.c	Wed Jul 18 13:14:08 2012
@@ -17,6 +17,7 @@
     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
 #include "dtach.h"
+#define HAVE_OPENPTY
 
 /* The pty struct - The pty information is stored here. */
 struct pty
@@ -189,7 +190,7 @@ create_socket(char *name)
 	if (s < 0)
 		return -1;
 	sockun.sun_family = AF_UNIX;
-	strcpy(sockun.sun_path, name);
+	strlcpy(sockun.sun_path, name, sizeof(sockun.sun_path));
 	if (bind(s, (struct sockaddr*)&sockun, sizeof(sockun)) < 0)
 	{
 		close(s);
@@ -351,7 +352,10 @@ client_activity(struct client *p)
 
 	/* Push out data to the program. */
 	if (pkt.type == MSG_PUSH)
-		write(the_pty.fd, pkt.u.buf, pkt.len);
+	{
+		if (pkt.len <= sizeof(pkt.u.buf))
+			write(the_pty.fd, pkt.u.buf, pkt.len);
+	}
 
 	/* Attach or detach from the program. */
 	else if (pkt.type == MSG_ATTACH)
